AML/KYC Policy

Last updated: March 2026

Compliance Notice: This policy is maintained in compliance with international AML standards including FATF (Financial Action Task Force) recommendations, applicable national legislation, and the requirements of our payment processing partners.

1. Purpose and Scope

PasPay is committed to preventing money laundering, terrorist financing, and other financial crimes. This policy applies to all users, all transactions processed through our platform, and all partner relationships established by PasPay.

We maintain a risk-based approach to AML compliance, allocating enhanced controls to higher-risk customers and transactions while ensuring frictionless service for low-risk users.

2. Customer Due Diligence (CDD)

Standard Verification (all users)

Required from every user before their first transfer:

Full legal name
Telegram username
Phone number
Country of residence

Enhanced Due Diligence (EDD)

Required for transfers exceeding $1,000 equivalent, high-risk jurisdictions, or flagged transaction patterns:

Government-issued photo ID (passport, national ID card, or driver's licence)
Proof of address (utility bill or bank statement dated within 3 months)
Source of funds declaration
Additional documentation may be requested on a case-by-case basis

Ongoing Monitoring

Continuous transaction pattern analysis
Regular re-verification for active high-volume users
Periodic review of customer risk classifications

3. Risk Assessment

We classify customers and transactions into three risk tiers:

LOW RISK

Standard transfers under $500 equivalent · Verified users with consistent transaction history · Known corridors with established partners

MEDIUM RISK

First-time users · Transfer amounts $500–$2,000 · New destination corridors · Inconsistent transaction patterns

HIGH RISK

PEP (Politically Exposed Persons) and their associates · High-value transfers above $2,000 · Unusual or inconsistent patterns · High-risk jurisdictions

High-risk transactions undergo additional manual review before processing. We reserve the right to request additional documentation or decline transactions at our discretion.

4. Prohibited Transactions

PasPay does not process the following transfers:

To/from OFAC-sanctioned countries (Cuba, Iran, North Korea, Syria, and sanctioned entities within Russia)
To individuals listed on OFAC SDN, EU, or UN sanctions lists
Suspected of structuring — splitting large amounts to avoid reporting thresholds
Involving suspected proceeds of criminal activity
Transfers for illegal goods or services
Transactions related to terrorist financing or proliferation financing

4b. Restricted Jurisdictions

PasPay does not accept transfers to or from the following jurisdictions:

✕Iran

✕North Korea

✕Cuba

✕Syria

✕Myanmar

✕Belarus (sanctioned entities)

✕Venezuela (gov. entities)

✕Sudan

✕Libya (designated entities)

✕Somalia

✕Yemen (designated entities)

✕Zimbabwe (designated)

Source: OFAC SDN List · EU Consolidated Sanctions · UN Security Council · FATF High-Risk Jurisdictions

This list is reviewed monthly and updated in accordance with OFAC, EU, and UN publications.

5. Transaction Monitoring

Automated sanctions screening against OFAC, EU, and UN lists on every transaction
Behavioural pattern detection for structuring, unusual volumes, and high-risk indicators
Manual review team for transactions flagged by automated systems
24-hour review window for high-risk cases before funds are released
All monitoring logs retained for a minimum of 5 years

6. Reporting Obligations

Suspicious Activity Reports (SAR) — filed with relevant financial intelligence units as required by law
Currency Transaction Reports (CTR) — for transactions meeting applicable reporting thresholds
Full cooperation with law enforcement requests, court orders, and regulatory inquiries
Tipping-off prohibition — customers are not informed when a SAR has been filed

7. Record Keeping

All KYC records, transaction data, and correspondence related to AML investigations are retained for a minimum of 5 years per FATF Recommendation 11. Records are stored securely and available to regulatory authorities upon lawful request.

8. Staff Training

All team members involved in transfer processing or customer due diligence receive mandatory AML/KYC training before handling transactions. Annual refresher training is required for all relevant staff. Training records are maintained and available for audit.

9. Compliance Officer

PasPay designates a Compliance Officer responsible for:

Maintaining and updating this AML/KYC policy
Reviewing and adjudicating flagged transactions
Filing regulatory reports (SAR, CTR) as required
Coordinating staff training programmes
Liaising with regulatory authorities and payment partners

10. Partner Due Diligence

All payment partners (on-ramp and off-ramp providers) are vetted before onboarding and subject to ongoing due diligence:

Valid operating licences and regulatory registrations
Documented AML compliance programmes
Sanctions screening capabilities
Periodic re-assessment of partner risk status

11. Policy Review

This policy is reviewed annually or following significant regulatory changes, material business changes, or findings from internal or external audits. The most recent version is always published at paspay.app/aml.

12. Contact

For all compliance, regulatory, and AML-related inquiries, contact our dedicated Compliance Officer:

Compliance Officer

Email: [email protected]

Response time: within 48 business hours

For law enforcement / court orders: [email protected]

General inquiries: [email protected]